Message-Id: <865B1FD1-6419-4D81-8448-E2B291A748EE@holtmann.org>
Date:   Tue, 31 Jan 2023 21:23:26 +0100
From:   Marcel Holtmann <marcel@...tmann.org>
To:     Chuck Lever III <chuck.lever@...cle.com>
Cc:     Jakub Kicinski <kuba@...nel.org>, netdev <netdev@...r.kernel.org>,
        "hare@...e.com" <hare@...e.com>,
        David Howells <dhowells@...hat.com>,
        Olga Kornievskaia <kolga@...app.com>,
        "jmeneghi@...hat.com" <jmeneghi@...hat.com>,
        Benjamin Coddington <bcodding@...hat.com>,
        Jeff Layton <jlayton@...hat.com>
Subject: Re: [PATCH v2 2/3] net/handshake: Add support for PF_HANDSHAKE

Hi Chuck,

>>> And, do you have a preferred mechanism or code sample for
>>> installing a socket descriptor? 
>> 
>> I must admit - I don't.
> 
> As part of responding to the handshake daemon's netlink call,
> I'm thinking of doing something like:
> 
> get_unused_fd_flags(), then sock_alloc_file(), and then fd_install() 

Can we be really careful here? fd passing over Unix sockets is already
complicated to get right on the receiver side. We had this with D-Bus
and man, can you screw up things here. The problem is really that your
fd is part of the receiving process as soon as you receive that message
and you are _required_ to take care of it. Simple things like not
setting CLOEXEC is already a path to disaster. And Unix sockets have
SCM_RIGHTS and other fun stuff. I don’t remember having that for
Netlink. And don’t forget the SELinux etc. folks that might want to
have some control here.

Regards

Marcel
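
The receiver-side handling discussed in the message above, as an added example (not part of the original email or of the patch under review): a userspace SCM_RIGHTS receiver on Linux that asks for close-on-exec at receive time and closes every descriptor it did not expect. The names `send_fds`, `recv_one_fd` and `demo_received_fd_is_cloexec` are hypothetical, and the socketpair and pipe are constructed test input.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Control buffer for up to 4 descriptors; the union forces cmsghdr alignment. */
typedef union { struct cmsghdr h; char buf[CMSG_SPACE(4 * sizeof(int))]; } ctl_t;

/* Sender: pass n (<= 4) descriptors in one SCM_RIGHTS control message. */
static int send_fds(int sock, const int *fds, int n) {
    char byte = 'x'; ctl_t u = {0};
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf,
                          .msg_controllen = CMSG_SPACE(n * sizeof(int)) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(n * sizeof(int));
    memcpy(CMSG_DATA(c), fds, n * sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receiver: accept exactly one descriptor; on any surprise close what arrived. */
static int recv_one_fd(int sock) {
    char byte; ctl_t u;
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf,
                          .msg_controllen = sizeof(u.buf) };
    int fds[4], n = 0;
    /* MSG_CMSG_CLOEXEC: received descriptors are close-on-exec from creation. */
    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) < 0) return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) continue;
        int k = (int)((c->cmsg_len - CMSG_LEN(0)) / sizeof(int));
        memcpy(fds + n, CMSG_DATA(c), k * sizeof(int));
        n += k;
    }
    if ((msg.msg_flags & MSG_CTRUNC) || n != 1) {   /* truncated or wrong count */
        while (n > 0) close(fds[--n]);              /* they are ours now: close */
        return -1;
    }
    return fds[0];
}

int demo_received_fd_is_cloexec(void) {             /* constructed demo */
    int sv[2], p[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || pipe(p)) return -1;
    int fd = send_fds(sv[0], p, 1) ? -1 : recv_one_fd(sv[1]);
    int cloexec = fd < 0 ? -1 : (fcntl(fd, F_GETFD) & FD_CLOEXEC) != 0;
    close(fd); close(p[0]); close(p[1]); close(sv[0]); close(sv[1]);
    return cloexec;
}
```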
